IN THE CLAIMS 



1 1. [previously amended] A method for handling dynamic state information used for 

2 handling data packets, which arrive at a network element node of a network element cluster, 

3 said network element cluster having at least two nodes and each node handling separate sets 

4 of data packets, said method comprising: 

5 - maintaining in a first node a first, node-specific data structure comprising 

6 entries representing state information needed for handling sets of data packets 

7 handled in said first node, 

8 - maintaining in said first node in addition to said node-specific data structure a 

9 second, common data structure comprising at least entries representing state 

1 0 information for data packets handled in at least one other node of said network element 

1 1 cluster, the contents of said common data structure effectively differing from the 

1 2 contents of said node-specific data structure and including copies of all state 

1 3 information entries maintained in a node-specific data structure of said at least one 

1 4 other node and needed for handling sets of data packets in said at least one other 

1 5 node, said entries being maintained according to information on how different sets of 

1 6 data packets are distributed among the nodes of the network element cluster, 

1 7 - dynamically changing distribution of at least one set of data packets from said 

1 8 at least one other node to said first node the network element cluster, and providing 

1 9 said first node with respective changed distribution information, 

2 0 - in response to said changed distribution information, selecting the state 

2 1 information entries of said at least one re-distributed set of data packets from said 

2 2 second common data structure and transferring them to said first node-specific data 

2 3 structure of said first node. 

1 2. [previously amended] A method according to claim 1, further comprising: 

2 - allocating to each node belonging to said network element cluster certain 

3 node-specific distribution identifiers, each node having separate node-specific 

4 distribution identifiers allocated to it, 

5 - handling at least a plurality of data packets so that a data packet is handled in 

6 that node of said network element cluster, to which node a distribution identifier 
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7 calculated using certain field(s) of said data packet is allocated, and 

8 - maintaining in a plurality of entries of said node-specific and common data 

9 structures distribution information relating to the distribution identifier, which 
1 0 corresponds to the set of data packets related to the respective entry. 

1 3. [previously amended] A method according to claim 2, further comprising: 

2 - reallocating said distribution identifiers to the nodes of said network element 

3 cluster, 

4 - if said reallocation results in a new distribution identifier being allocated to a 

5 node, said new distribution identifier being a distribution identifier not allocated to said 

6 node at the time of the reallocation, identifying in the common data structure of said 

7 node the entries corresponding to said new distribution identifier, and adding said 

8 entries to the node-specific data structure of said node, and 

9 - if said reallocation results in an old distribution identifier not being allocated to 
1 0 a node anymore, said old distribution identifier being a distribution identifier allocated to 
1 1 said node at the time of the reallocation, identifying in the node-specific data structure 
1 2 of said node the entries corresponding to said old distribution identifier, and clearing 

1 3 said entries from the node-specific data structure of said node. 

1 4. [previously amended] A method according to claim 2, further comprising: 

2 - adding a new entry to said node-specific data structure in a first node, 

3 - communicating said new entry at least to a second node of the network 

4 element cluster, and 

5 - adding an entry corresponding to said new entry to the common data 

6 structure of said second node. 

1 5. [previously amended] A method according to claim 4, further comprising: 

2 - adding an entry corresponding to said new entry to the common data 

3 structure of said first node. 

1 6. [previously amended] A method according to claim 1, further comprising maintaining 

2 in said common data structure of said node entries representing state information needed for 
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3 handling sets of data packets handled in said node. 

1 7. [previously amended] A method according to claim 1 , wherein said state information 

2 comprises the source address field and/or the destination address field of an Internet Protocol 

3 header, and/or port header fields of a Transmission Control Protocol header and/or port 

4 header fields of a User Datagram Protocol header, and/or the identifier header field of an 

5 Internet Control Message Protocol header, and/or a Message Identifier field of an Internet 

6 Security Association and Key Management Protocol header, and/or an Initiator Cookie field of 

7 an Internet Security Association and Key Management Protocol header, and/or the Security 

8 Parameter Index field of a security header relating to the I PSec protocol suite, and/or a Session 

9 ID field relating to the Secure Sockets Layer protocol, and/or an HTTP Cookie field relating to 
1 0 the HyperText Transfer Protocol. 

1 8. [previously amended] A method according to claim 1 , wherein said state 

2 information comprises information-identifying an authenticated entity. 

1 9. [previously amended] A method according to claim 1 , wherein said state information 

2 comprises information-identifying a secured tunnel, within which data packets of the 

3 corresponding set are tunneled. 

1 10. [previously amended] A method according to claim 2, wherein said distribution 

2 identifier is a hash value and a hash function is used for calculating a hash value using certain 

3 field(s) of a data packet. 

1 11. [previously amended] A method according to claim 2, wherein said distribution 

2 information is said distribution identifier. 

1 12. [previously amended] A method according to claim 2, wherein said distribution 

2 information is information needed for calculating said distribution identifier for the 

3 corresponding data packet. 

1 13. [previously amended] A method according to claim 2, wherein said certain field(s) 
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2 for calculating a distribution identifier comprise the source address field and/or the destination 

3 address field of an Internet Protocol header, and/or port header fields of a Transmission 

4 Control Protocol header and/or port header fields of a User Datagram Protocol header, and/or 

5 the identifier header field of an Internet Control Message Protocol header, and/or a Message 

6 Identifier field of an Internet Security Association and Key Management Protocol header, 

7 and/or an Initiator Cookie field of an Internet Security Association and Key Management 

8 Protocol header, and/or the Security Parameter Index field of a security header relating to the 

9 IPSec protocol suite, and/or a Session ID field relating to the Secure Sockets Layer protocol, 
1 0 and/or an HTTP Cookie field relating to the HyperText Transfer Protocol. 

1 14. A network element node of a network element cluster having at least two 

2 nodes, said node comprising 

3 - first data storage, 

4 - means maintaining in said first data storage a first, node-specific data 

5 structure comprising entries representing state information needed for handling sets of 

6 data packets handled in said node, 

7 - second data storage, and 

8 - means maintaining in said second data storage a second, common data 

9 structure comprising at least entries representing state information for data packets 
1 0 handled in one other node of said network element cluster, the contents of said 

1 1 common data structure effectively differing from the contents of said node-specific 

1 2 data structure and including copies of all state information entries maintained in a node- 

1 3 specific data structure of said at least one other node and needed for handling sets of 

1 4 data packets in said at least one other node, and said entries being maintained 

1 5 according to information on how different sets of data packets are distributed among 

1 6 the nodes of the network element cluster, 

1 7 - means receiving changed distribution information dynamically changing 

1 8 distribution of at least one set of data packets from said at least one other node to said 

1 9 node in the network element cluster, and 

2 0 - means that, based on said changed distribution information selects the state 
2 1 information entries of said at least one re-distributed set of data packets from said 

2 2 second common data structure in said second data storage and transfers them to said 
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2 3 first node-specific data structure in said first data storage of said node. 

1 15 [previously amended] A network element node according to claim 14, - 

2 wherein: 

3 - said means maintaining the node-specific data structure are adapted to add a 

4 new entry to said node-specific data structure in said first storage means, and to 

5 communicate said new entry to said means for maintaining common data structure, 

6 - said means for maintaining the common data structure are adapted to 

7 communicate said new entry at least to one other node of the network element cluster, 

8 and in that 

9 - said means maintaining the common data structure are further adapted to 

1 0 receive an entry from at least one other node of the network element cluster and to 

1 1 add an entry corresponding to said received entry to said common data structure in 

1 2 said second storage means. 

1 16. [previously amended] A network element node according to claim 1 5, wherein: 

2 - said means for maintaining the common data structure are further adapted to 

3 add a new entry received from said means for maintaining the node-specific data 

4 structure to said common data structure in said second storage means. 

1 17. [previously amended] A network element node according to claim 14, further 

2 comprising: 

3 - means receiving distribution identifiers, which are currently allocated to said 

4 node, said distribution identifiers being used for handling at least a plurality of data 

5 packets so that a data packet is handled in that node of said network element cluster, 

6 to which node a distribution identifier calculated using certain field(s) of said data 

7 packet is allocated, and 

8 - third data storage storing said distribution identifiers, and 

9 - said means maintaining the node-specific and common data structures are 
1 0 adapted to maintain in a plurality of entries of said node-specific and common data 

1 1 structures in said first and second data storage distribution information relating to the 

1 2 distribution identifier, which corresponds to the set of data packets related to the 
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1 3 respective entry. 

1 18. [previously amended] A network element node according to claim 17, wherein: 

2 - said means receiving distribution identifiers are adapted to receive reallocated 

3 distribution identifiers, 

4 - said means maintaining the common data structure are adapted to detect a 

5 new distribution identifier being allocated to said node due to the reallocation, said new 

6 distribution identifier being a distribution identifier not allocated to said node at the time 

7 of receiving reallocated distribution identifiers, and to identify in the common data 

8 structure the entries corresponding to said new distribution identifier, and to 

9 communicate said entries to said means for maintaining the node-specific data 
1 0 structure for said entries to be added to the node-specific data structure, and 

1 1 - said means maintaining the node-specific data structure are adapted to detect 

1 2 an old distribution identifier not being anymore allocated to said node due to the 

1 3 reallocation, said old distribution identifier being a distribution identifier allocated to said 

1 4 node at the time of the reallocation, and to identify in the node-specific data structure 

1 5 the entries corresponding to said old distribution identifier, and to clear said entries 

1 6 from the node-specific data structure. 

1 19. [previously amended] A network element node-according to claim 14, wherein said 

2 first data storage is a portion of kernel space memory. 

1 20. [previously amended] A network element node-according to claim 14, wherein said 

2 second data storage means is a portion of user space memory. 

1 21. [previously amended] A network element node according to claim 14, wherein said 

2 first data storage is a portion of content addressable memory. 

1 22. [previously amended] A network element node according to claim 14, wherein said 

2 first storage means is a part of a cryptographic card. 

1 23. [previously amended] A network element cluster having at least two network 
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2 element nodes, at least one of said nodes comprising 

3 - first data storage means, 

4 - means for maintaining in said first storage means a first, node-specific data 

5 structure comprising entries representing state information needed for handling sets of 

6 data packets handled in said node, 

7 - second data storage means, and 

8 - means maintaining in said second storage a second, common data structure 

9 comprising at least entries representing state information needed for handling sets of 
1 0 data packets handled in one other node of said network element cluster, the contents 
1 1 of said common data structure effectively differing from the contents of said node- 

1 2 specific data structure 7 and including copies of all state information entries maintained 

13 in a node-specific data structure of said one other node and needed for handling sets 

1 4 of data packets in said one other node, said entries being maintained according to 

1 5 information on how different sets of data packets are distributed among the nodes of 

1 6 the network element cluster, 

1 7 - means for receiving changed distribution information dynamically changing 

1 8 distribution of at least one set of data packets from said one other node to said at least 

1 9 one node in the network element cluster, and 

2 0 - means that based on said changed distribution information selects the state 
2 1 information entries of said at least one re-distributed set of data packets from said 

2 2 second common data structure in said second data storage and transferring them to 

2 3 said first node-specific data structure in said first data storage means of said at least 

2 4 one node. 

1 24. [previously amended] A network element cluster -according to claim 23, - 

2 further comprising: 

3 - means allocating to each node belonging to said network element cluster 

4 certain node-specific distribution identifiers, each node having separate node-specific 

5 distribution identifiers allocated to it, said distribution identifiers being used for handling 

6 at least a plurality of data packets so that a data packet is handled in that node of said 

7 network element cluster, to which node a distribution identifier calculated using certain 

8 field(s) of said data packet is allocated, and in that said at least one node further 
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9 comprises: 
1 0 - means receiving distribution identifiers, which are currently allocated to said 

1 1 node, and 

1 2 - third data storage storing said distribution identifiers, and 

1 3 - said means for maintaining the node-specific and common data structures are 

1 4 adapted to maintain in a plurality of entries of said node-specific and common data 

1 5 structures in said first and second data storage means distribution information relating 

1 6 to the distribution identifier, which corresponds to the set of data packets related to the 

1 7 respective entry. 

1 25. [currently amended] A network element cluster according to claim 24, 

2 wherein: 

3 - said means for allocating distribution identifiers are adapted to reallocate 

4 distribution idenfiers to the nodes of said network element cluster, and wherein in said 

5 at least one node 

6 - said means for r eceiving distribution identifiers are adapted to receive 

7 reallocated distribution identifiers, and 

8 - said means for maintaining the common data structure are adapted to detect a 

9 new distribution identifier being allocated to said node due to the reallocation, said new 
1 0 distribution identifier being a distribution identifier not allocated to said node at the time 

1 1 of receiving reallocated distribution identifiers, and to identify in the common data 

1 2 structure the entries corresponding to said new distribution identifier, and to 

1 3 communicate said entries to said means maintaining the node-specific data structure 

1 4 for said entries to be added to the node; 

1 5 said means for maintaining the node-specific data structure are adapted to 

1 6 detect an old distribution identifier not being anymore allocated to said node due to the 

1 7 reallocation, said old distribution identifier being a distribution identifier allocated to said 

1 8 node at the time of the reallocation, and to identify in the node-specific data structure 

1 9 the entries corresponding to said old distribution identifier, and to clear said entries 

2 0 from the node-specific data structure. 

1 26. [currently amended] A compute r-readable medium having stored thereon 
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2 computer-readable instructions which when executed bv a computer control said computer to 

3 perform the following steps: p roaram compr i s i ng program code for p e rform i ng all th e st e ps of 

4 C l a i m 1 wh e n sa i d program i s run on a comput e r. 

5 -maintaining in a first node a first, node-specific data structure comprising 

6 entries representing state information needed for handling sets of data packets 

7 handled in said first node, 

8 - maintaining in said first node in addition to said node-specific data structure a 

9 second, common data structure comprising at least entries representing state 

1 0 information for data packets handled in at least one other node of said network element 

1 1 cluster, the contents of said common data structure effectively differing from the 

1 2 contents of said node-specific data structure and including copies of all state 

1 3 information entries maintained in a node-specific data structure of said at least one 

1 4 other node and needed for handling sets of data packets in said at least one other 

1 5 node, said entries being maintained according to information on how different sets of 

1 6 data packets are distributed among the nodes of the network element cluster. 

1 7 - dynamically changing distribution of at least one set of data packets from said 

1 8 at least one other node to said first node the network element cluster, and providing 

1 9 said first node with respective changed distribution information. 

2 0 - in response to said changed distribution information, selecting the state 

2 1 information entries of said at least one re-distributed set of data packets from said 

2 2 second common data structure and transferring them to said first node-specific data 

2 3 structure of said first node. 

1 27. [currently amended] A compute r-readable medium having stored thereon 

2 computer-readable instructions that can control a computer to carry out a process, said 

3 instructions comprising: program product compr i s i ng program codo m e ans stor e d on a 

4 comput e r r e adab le m e d i um for p e rform i ng th e m e thod of C l a i m 1 wh e n said program product i s 

5 run on a computer. 

6 -means for maintaining in a first node a first, node-specific data structure 

7 comprising entries representing state information ne eded for handling sets of data 

8 packets handled in said first node, 

9 - means for maintaininoln said first node in addition to said node-specific data 
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1 0 structure a second, common data structure comprising at least entries representing 

1 1 state information for data packets handled in at least one other node of said network 

1 2 element cluster, the contents of said common data structure effectively differing from 

1 3 the contents of said node-specific data structure and including copies of all state 

1 4 information entries maintained in a node-specific data structure of said at least one 

1 5 other node and needed for handling sets of data packets in said at least one other 

1 6 node, said entries being maintained according to information on how different sets of 

1 7 data packets are distributed among the nodes of the network element cluster. 
1 8 - means for dynamically chancing distribution of at least one set of data 

1 9 packets from said at least one other node to said first node the network element 

2 0 cluster, and providing said first node with respective changed distribution information. 
2 1 - means for responding to said changed distribution information, by selecting 

2 2 the state information entries of said at least one re-distributed set of data packets from 

2 3 said second common data structure and transferring them to said first node-specific 

2 4 data structure of said first node. 
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